
Discussion about backup passwords for LUKS encrypted filesystems before revising wiki



See the quoted paragraph, below, quoted from the 
[[https://wiki.debian.org/LVM#Encrypted_LVM][LVM#Encrypted_LVM]] wiki.  

It seems to me that the idea of creating and saving backup passwords is 
something of a red herring (to borrow a "Briticism").

The way I see it:

   * if, in the future: "somehow you<sic> first password is no longer working" 
-- I'm guessing that whatever that "somehow" is, it is likely to affect all the 
passwords (all of which are stored in the LUKS header)

   * or if: "you simply forget your password" -- it seems unlikely that you'll 
forget the "normal" password (the one you most often use) but remember a 
backup password (although maybe you'd use something really easy to remember 
(for you), and hope that because you don't normally use it, it is less exposed 
and less likely to be captured somehow)

   * or if: "something unexpected happens such as a bug after a kernel update 
and somehow the password is no longer working" -- it seems likely to me that 
if a kernel bug makes one password no longer work, it would be likely that 
none of the passwords would work (although I think I can think of exceptions, 
e.g., your password contains a special symbol, but a kernel bug (or bug 
somewhere) prevents entry of that special symbol)

My point is this: I think creating and saving backup passwords is of minimal 
value.  Far more important (but not mentioned) is making and keeping backup 
copies of your encrypted data (possibly not encrypted but stored in a bank 
vault ;-), yet that is not mentioned.

I am capable (or think I'm capable ;-) of revising the wiki to add a statement 
to the effect that, more important than storing backup passwords is storing 
backups of the actual data.  I just wanted to provoke some discussion before 
making such a revision.  (I might even downplay the emphasis on creating and 
storing backup passwords.)

<quote>
Note: The password(s) of a encrypted LVM volume are stored inside its Linux 
Unified Key Setup (LUKS) header(s). Creating backup passwords is important 
because if in the future somehow you first password is no longer working, or 
you simply forget your password, or you do remember your password but 
something unexpected happens such as a bug after a kernel update and somehow 
the password is no longer working, then without backup password(s) you risk to 
permanently lose all your valuable data stored into that encrypted LVM 
storage.
</quote>

